---
title: AWS Marketplace
hide_title: true
---

import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";

## AWS Marketplace
Weave GitOps is also available via the AWS Marketplace.

The following steps will allow you to deploy the Weave GitOps product to an EKS cluster via a Helm Chart.

These instructions presume you already have installed [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/),
[`eksctl`](https://github.com/weaveworks/eksctl), [`helm`](https://github.com/helm/helm) and
the [Helm S3 Plugin](https://github.com/hypnoglow/helm-s3).

### Step 1: Subscribe to Weave GitOps on the AWS Marketplace

To deploy the managed Weave GitOps solution, first subscribe to the product on [AWS Marketplace](https://aws.amazon.com/marketplace/pp/prodview-vkn2wejad2ix4).

_Note: it may take ~20 minutes for your Subscription to become live and deployable._

### Step 2: Configure an EKS Cluster

<Tabs groupId="cluster-config" default>
<TabItem value="Create a new EKS Cluster" label="Create a new EKS Cluster">

If you do not have a cluster on EKS, you can use [`eksctl`](https://github.com/weaveworks/eksctl) to create one.

Copy the contents of the sample file below into `cluster-config.yaml` and replace the placeholder values with your settings.
See the [`eksctl` documentation](https://eksctl.io/) for more configuration options.

<details>
<summary>Expand for file contents</summary>

```yaml title="cluster-config.yaml"
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: CLUSTER_NAME # Change this
  region: REGION # Change this

# This section is required
iam:
  withOIDC: true
  serviceAccounts:
  - metadata:
      name: wego-service-account # Altering this will require a corresponding change in a later command
      namespace: flux-system
    roleOnly: true
    attachPolicy:
      Version: "2012-10-17"
      Statement:
      - Effect: Allow
        Action:
        - "aws-marketplace:RegisterUsage"
        Resource: '*'

# This section will create a single Managed nodegroup with one node.
# Edit or remove as desired.
managedNodeGroups:
- name: ng1
  instanceType: m5.large
  desiredCapacity: 1
```

</details>

Create the cluster:

```bash
eksctl create cluster -f cluster-config.yaml
```

</TabItem>
<TabItem value="Use an existing EKS Cluster" label="Use an existing EKS Cluster">

In order to use the Weave GitOps container product,
your cluster must be configured to run containers with the correct IAM Policies.

The recommended way to do this is via [IRSA](https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/).

Use this `eksctl` configuration below (replacing the placeholder values) to:
- Associate an OIDC provider
- Create the required service account ARN

Save the example below as `oidc-config.yaml`

<details>
<summary>Expand for file contents</summary>

```yaml title="oidc-config.yaml"
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: CLUSTER_NAME # Change this
  region: REGION # Change this

# This section is required
iam:
  withOIDC: true
  serviceAccounts:
  - metadata:
      name: wego-service-account # Altering this will require a corresponding change in a later command
      namespace: flux-system
    roleOnly: true
    attachPolicy:
      Version: "2012-10-17"
      Statement:
      - Effect: Allow
        Action:
        - "aws-marketplace:RegisterUsage"
        Resource: '*'
```

</details>

```bash
eksctl utils associate-iam-oidc-provider -f oidc-config.yaml --approve
eksctl create iamserviceaccount -f oidc-config.yaml --approve
```

</TabItem>
</Tabs>


### Step 3: Fetch the Service Account Role ARN
First retrieve the ARN of the IAM role which you created for the `wego-service-account`:

```bash
# replace the placeholder values with your configuration
# if you changed the service account name from wego-service-account, update that in the command
export SA_ARN=$(eksctl get iamserviceaccount --cluster <cluster-name> --region <region> | awk '/wego-service-account/ {print $3}')

echo $SA_ARN
# should return
# arn:aws:iam::<account-id>:role/eksctl-<cluster-name>-addon-iamserviceaccount-xxx-Role1-1N41MLVQEWUOF
```

_This value will also be discoverable in your IAM console, and in the Outputs of the Cloud Formation
template which created it._

### Step 4: Install Weave GitOps

Copy the Chart URL from the Usage Instructions in AWS Marketplace, or download the file from the Deployment template to your workstation.

To be able to log in to your new installation, you need to set up authentication. Create a new file `values.yaml` where you set your username, and a bcrypt hash of your desired password, like so:

```yaml title="./values.yaml"
gitops:
  adminUser:
    create: true
    username: <UPDATE>
    passwordHash: <UPDATE>
```

Then install it:

<Tabs groupId="install-wego" default>
<TabItem value="sa-default" label="Using the default Service Account Name">

```console
helm install wego <URL/PATH> \
  --namespace=flux-system \
  --create-namespace \
  --set serviceAccountRole="$SA_ARN" \
  --values ./values.yaml
```

</TabItem>
<TabItem value="sa-configured" label="Using a configured Service Account Name">

```console
helm install wego <URL/PATH> \
  --namespace=flux-system \
  --create-namespace \
  --set serviceAccountName='<name>' \
  --set serviceAccountRole="$SA_ARN" \
  --values ./values.yaml
```

</TabItem>
</Tabs>

### Step 5: Check your installation

Run the following from your workstation:

```console
kubectl get pods -n flux-system
# you should see something like the following returned
flux-system          helm-controller-5b96d94c7f-tds9n                    1/1     Running   0          53s
flux-system          kustomize-controller-8467b8b884-x2cpd               1/1     Running   0          53s
flux-system          notification-controller-55f94bc746-ggmwc            1/1     Running   0          53s
flux-system          source-controller-78bfb8576-stnr5                   1/1     Running   0          53s
flux-system          wego-metering-f7jqp                                 1/1     Running   0          53s
flux-system          ww-gitops-weave-gitops-5bdc9f7744-vkh65             1/1     Running   0          53s
```

Your Weave GitOps installation is now ready!
